Recent high-profile data breaches (Sony, Anthem, JP Morgan, even Target) have been attributed to successful phishing attacks against employees. While phishing attacks aren’t new to the campus, highly sophisticated attacks are. Earlier this semester, members of our community were subject to a very targeted phishing attack aimed at stealing personal information. It was a well-crafted, College-branded email, and several members of our community fell victim to it. Fortunately, we were alerted promptly, enabling us to stop the attack before the attackers used the credentials they had gained.

Studies have shown that sustained internal simulations reduce an organization's susceptibility to phishing. As a part of our ongoing information security awareness program, and in place of next year's computer-based annual training requirement, we are launching such an internal self-phishing simulation campaign in which we will send emails that mimic commonly used phishing techniques. Our goals are to improve our ability to resist phishing attacks of various levels of sophistication and, in turn, protect your personal information and the personal information of our students.

The initial campaign begins now and data gathered from the campaign will not be identified by individual or department. Rather, we will be looking at the performance of the College as a whole.

During the campaign and after, if you receive an email that you believe is a phishing email, you can forward it to PhishMeNot@holycross.edu for review by ITS information security staff.